1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
|
Installation instructions for iptables
======================================
iptables uses the well-known configure(autotools) infrastructure.
$ ./configure
$ make
# make install
Prerequisites
=============
* no kernel-source required
* but obviously a compiler, glibc-devel and linux-kernel-headers
(/usr/include/linux)
Configuring and compiling
=========================
./configure [options]
--prefix=
The prefix to put all installed files under. It defaults to
/usr/local, so the binaries will go into /usr/local/bin, sbin,
manpages into /usr/local/share/man, etc.
--with-xtlibdir=
The path to where Xtables extensions should be installed to. It
defaults to ${libdir}/xtables.
--enable-devel (or --disable-devel)
This option causes development files to be installed to
${includedir}, which is needed for building additional packages,
such as Xtables-addons or other 3rd-party extensions.
It is enabled by default.
--enable-static
Produce additional binaries, iptables-static/ip6tables-static,
which have all shipped extensions compiled in.
--disable-shared
Produce binaries that have dynamic loading of extensions disabled.
This implies --enable-static.
(See some details below.)
--enable-libipq
This option causes libipq to be installed into ${libdir} and
${includedir}.
--with-ksource=
Xtables does not depend on kernel headers anymore, but you can
optionally specify a search path to include anyway. This is
probably only useful for development.
If you want to enable debugging, use
./configure CFLAGS="-ggdb3 -O0"
(-O0 is used to turn off instruction reordering, which makes debugging
much easier.)
To show debug traces you can add -DDEBUG to CFLAGS option
Other notes
===========
The make process will automatically build multipurpose binaries.
These have the core (iptables), -save, -restore and -xml code
compiled into one binary, but extensions remain as modules.
Static and shared
=================
Basically there are three configuration modes defined:
--disable-static --enable-shared (this is the default)
Build a binary that relies upon dynamic loading of extensions.
--enable-static --enable-shared
Build a binary that has the shipped extensions built-in, but
is still capable of loading additional extensions.
--enable-static --disable-shared
Shipped extensions are built-in, and dynamic loading is
deactivated.
|